Windows Server 2016
what is new in DNS (and IPv6 and DHCP)
© Men & Mice http://menandmice.com
Windows Server 2016
DNS Policies
Application Load-Distribution with DNS
IPv6 Root-Hints
DANE-Records Support
Support for Unknown DNS Records
Response-Rate-Limiting
Other new Features in Windows Server 2016
The features discussed here are based on the Technical Preview 5 (April 2016)
DNS Policies
DNS policies give fine-grained control over how DNS queries are answered by a DNS server
• similar to, but more powerful than, BIND 9 views
• Use-cases
• access control for DNS resolvers (prevent open resolver)
• DNS based load-distribution
• blackholing malicious clients
• Filter based on DNS domains or Query-Type
• Geo-Location-Aware DNS answers
• Traffic-Engineering based on time-of-day
• "Split-Brain" DNS configurations (CAUTION!)
DNS Policies
Every DNS zone can have one or more "ZoneScopes"
• each ZoneScope can contain different DNS data (e.g. different IP addresses for the same name)
• the DNS policy defines which ZoneScope is used when a DNS query reaches the DNS server
DNS Policy criteria
• Client Subnet: source address of the query
• Transport Protocol: either UDP or TCP
• Internet Protocol: either IPv4 or IPv6
• Server Interface IP address: on which interface the query comes in
• Domain name: an FQDN (wildcards possible)
• Query Type: the requested DNS record type (A/AAAA/MX/SRV etc.)
• Time of Day: time when the query is received
DNS Policies
DNS Policy criteria can be combined with boolean expressions ("AND", "OR", "NOT")
Powerful DNS policies are possible …
… that should be used carefully
DNS Policies Demo 1
Restricting DNS recursion to subnets
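# Show the default recursion scope ".", then disable recursion in it
Get-DnsServerRecursionScope -Name .
Set-DnsServerRecursionScope -Name . -EnableRecursion $False
# Create a second recursion scope in which recursion is enabled
Add-DnsServerRecursionScope -Name "Clients" -EnableRecursion $True
# Define the client subnet that is allowed to use the resolver
Add-DnsServerClientSubnet -Name "MyNetwork" `
    -IPv4Subnet "172.22.1.0/24"
# Queries from "MyNetwork" are resolved in the "Clients" recursion scope
Add-DnsServerQueryResolutionPolicy -Name "ResolverPolicy" `
    -Action ALLOW -ApplyOnRecursion -RecursionScope "Clients" `
    -ClientSubnet "EQ,MyNetwork"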
DNS Policies Demo 2
Application load distribution using DNS
# Create two zone scopes in example.com and list them
Add-DnsServerZoneScope -ZoneName example.com -Name "scope1"
Add-DnsServerZoneScope -ZoneName example.com -Name "scope2"
Get-DnsServerZoneScope -ZoneName example.com
# Same name "www", different address in each zone scope
Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.10 `
    -ZoneScope "scope1"
Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.20 `
    -ZoneScope "scope2"
# Queries arriving on 172.22.1.150 are answered from scope1 and scope2 with weights 4 and 2
Add-DnsServerQueryResolutionPolicy -Name "Scope1LDPolicy" -ZoneName example.com `
    -ZoneScope "scope1,4;scope2,2" -Action ALLOW -ServerInterfaceIP "EQ,172.22.1.150"
# Show the policies configured for the zone
Get-DnsServerQueryResolutionPolicy -ZoneName example.com
IPv6 root hints
Windows Server 2016 now comes with IPv6 root-hints preconfigured
• root hints are required for every DNS server to find the start of all DNS resolution
• Windows Server up to Windows 2012R2 only contain the IPv4 root-hints for the Internet (however it was possible to add the IPv6 root-hints manually)
• This change makes it possible to run the Windows DNS server in an "IPv6-Only" network
DANE TLSA Record support
Windows Server 2016 adds support for the TLSA Resource Record type
• TLSA is required for DANE (DNS Authenticated Named Entities)
• "pinning" of TLS/SSL certificates via DNSSEC secured DNS
• see our previous webinar "DNSSEC & DANE – E-Mail security reloaded": https://www.menandmice.com/resources/educational-resources/webinars/dnssec-and-dane-e-mail-security-reloaded/
Demo: TLSA Record
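# TLSA record for port 25/tcp: usage 3 (DomainIssuedCertificate),
# selector 1 (SubjectPublicKeyInfo), matching type 1 (SHA-256)
# A SHA-256 digest is 64 hex characters; the value below is reproduced as shown on the slide
Add-DnsServerResourceRecord -Name _25._tcp `
    -ZoneName example.com -TLSA -CertificateUsage DomainIssuedCertificate `
    -Selector SubjectPublicKeyInfo -MatchingType Sha256Hash `
    -CertificateAssociationData 831B809F32A1A9E8C52A5167A35A979F0719B89D08E9A3302264F99D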
Support for "Unknown Resource Records"
With new protocols, new DNS record types are added to DNS
• URI
• SMIMEA and OPENPGPKEY
• TA and TALINK
• …
RFC 3597 "Handling of Unknown DNS Resource Record (RR) Types" defines a way to provision a DNS server with resource records unknown to the server software
The DNS server in Windows 2016 now supports these unknown resource records
• enables DNS admins to support new protocols which were not published at the release time of Windows Server
• the record data is given in hexadecimal notation
• the BIND 9 utility "named-rrchecker" can be used to convert the data part of a DNS RR into the hexadecimal format
Example: definition of an IPv4 address "A" record:
# Type 1 is "A"; the record data 0A000001 is the address 10.0.0.1
Add-DnsServerResourceRecord -Name www -ZoneName example.com -Type 1 -RecordData "0A000001"
Demo: Unknown RRs
The Uniform Resource Identifier (URI) DNS Resource Record: https://tools.ietf.org/html/rfc7553
> echo 'IN URI 10 1 "http://www.example.com/path"' | named-rrchecker -u
CLASS1 TYPE256 # 31 000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468
PowerShell> Add-DnsServerResourceRecord -Name _http._tcp -ZoneName example.com `
    -Type 256 -RecordData "000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468"
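The conversion that named-rrchecker performs in the demo above can be reproduced and checked without BIND. The following is an added example, not part of the original slides or of any Men & Mice or Microsoft tool; all function names are assumptions made for illustration. It builds the RDATA for the A and URI records shown above and refuses generic-syntax text whose length field does not match the data, which catches a truncated paste before it reaches `-RecordData`.

```python
import ipaddress
import re
import struct

# RFC 3597 generic syntax: CLASS<n> TYPE<n> \# <length> <hex>
# The backslash is optional here so that pasted text which lost it still parses.
_GENERIC = re.compile(
    r"^CLASS(\d+)\s+TYPE(\d+)\s+\\?#\s+(\d+)((?:\s+[0-9A-Fa-f]+)*)$"
)


def rdata_a(address):
    """RDATA of an A record (type 1): the four address octets."""
    return ipaddress.IPv4Address(address).packed


def rdata_uri(priority, weight, target):
    """RDATA of a URI record (type 256, RFC 7553)."""
    if not target:
        raise ValueError("URI target must not be empty")
    # 16-bit priority, 16-bit weight, then the target with no length octet
    return struct.pack("!HH", priority, weight) + target.encode("ascii")


def record_data_hex(rdata):
    """Hex string in the form expected by the -RecordData parameter."""
    if len(rdata) > 0xFFFF:
        raise ValueError("RDATA is limited to 65535 octets")
    return rdata.hex()


def to_generic(rr_type, rdata, rr_class=1):
    """Render RDATA in RFC 3597 generic presentation syntax."""
    return f"CLASS{rr_class} TYPE{rr_type} \\# {len(rdata)} {rdata.hex()}".rstrip()


def parse_generic(line):
    """Return (class, type, rdata); reject text whose length field disagrees."""
    match = _GENERIC.match(line.strip())
    if match is None:
        raise ValueError("not RFC 3597 generic syntax")
    rr_class, rr_type, length = (int(match.group(i)) for i in (1, 2, 3))
    digits = "".join(match.group(4).split())
    if len(digits) % 2:
        raise ValueError("odd number of hex digits")
    rdata = bytes.fromhex(digits)
    if len(rdata) != length:
        raise ValueError(f"length field says {length}, data has {len(rdata)} octets")
    return rr_class, rr_type, rdata


def decode_uri(rdata):
    """Inverse of rdata_uri, for reviewing a hex string before provisioning it."""
    if len(rdata) < 5:
        raise ValueError("URI RDATA too short")
    priority, weight = struct.unpack("!HH", rdata[:4])
    return priority, weight, rdata[4:].decode("ascii")


if __name__ == "__main__":
    uri = rdata_uri(10, 1, "http://www.example.com/path")
    print(to_generic(256, uri))
    print(record_data_hex(uri))
    print(record_data_hex(rdata_a("10.0.0.1")).upper())
```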
Response Rate Limiting
DNS responses from DNS servers in the Internet (authoritative or DNS resolver) can be misused for denial-of-service attacks
• A problem for a long time, but has been especially popular with attackers in the last five years
• For additional coverage on this topic, watch our webinar "The dangers of DNS reflection attacks": https://www.menandmice.com/resources/educational-resources/webinars/the-dangers-of-dns-reflection-attacks/
What is the problem
• DNS over UDP is "stateless" communication
• source IP addresses can be spoofed
• [Diagram: a query with a "spoofed" source IP address is sent to some DNS server in the Internet; the answer is delivered to the owner of the "spoofed" IP address]
• There are many, many DNS servers to be found in the Internet
One Solution: Response Rate Limiting (RRL)
• RRL was developed by Vernon Schryver and Paul Vixie and implemented in BIND 9, NSD, Knot and PowerDNS. It is now also available in Windows Server 2016.
• as all DNS queries should go through a caching server
• identical queries should not be seen from the same source inside the TTL (Time to Live)
• if the DNS server sees (many) recurring queries within the TTL, it is likely an attack
• response rate limiting counts the number of identical responses sent to a given network
• it throttles outgoing responses if too many identical responses are sent
• this allows legitimate clients in the victim's network to still resolve DNS data
• in case an attack is detected, (almost) empty answers are sent with the "TC" flag set
• "TC" flag = answer truncated, retry over TCP
• a real caching DNS server will repeat the query over TCP (slower, but harder to spoof)
• RRL enabled on an authoritative server
Demo: RRL
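The RRL behaviour described in the slides above (count identical responses per client network, throttle the excess, answer some of it with TC so that real resolvers retry over TCP) is shown here as a small model. This is an added example, not part of the original slides and not the code of any DNS server; the parameter names, their defaults and the token-bucket accounting are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

SEND, TRUNCATE, DROP = "send", "truncate", "drop"


@dataclass
class Bucket:
    tokens: float       # full responses that may still be sent
    updated: float      # time of the last refill
    throttled: int = 0  # responses withheld so far for this key


class ResponseRateLimiter:
    # Parameter names and defaults are assumptions made for this example.
    def __init__(self, responses_per_second=5, truncate_every=2,
                 v4_prefix=24, v6_prefix=56):
        self.rate = responses_per_second
        self.truncate_every = truncate_every
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.buckets = {}

    def network_of(self, source):
        """Responses are counted per client network, not per single address."""
        addr = ipaddress.ip_address(source)
        prefix = self.v4_prefix if addr.version == 4 else self.v6_prefix
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def decide(self, now, source, qname, qtype, transport="udp"):
        if transport == "tcp":
            return SEND  # the TCP handshake has confirmed the source address
        key = (self.network_of(source), qname.lower().rstrip("."), qtype.upper())
        bucket = self.buckets.get(key)
        if bucket is None:
            bucket = self.buckets[key] = Bucket(float(self.rate), now)
        else:
            elapsed = max(0.0, now - bucket.updated)
            bucket.tokens = min(float(self.rate), bucket.tokens + elapsed * self.rate)
            bucket.updated = now
        if bucket.tokens >= 1:
            bucket.tokens -= 1
            return SEND
        bucket.throttled += 1
        # Every n-th withheld response goes out as a small TC=1 answer
        if self.truncate_every and bucket.throttled % self.truncate_every == 0:
            return TRUNCATE
        return DROP


def resolve(limiter, now, source, qname, qtype, udp_attempts=3):
    """Model a real caching resolver: retry after a timeout, use TCP on TC."""
    path = []
    for _ in range(udp_attempts):
        verdict = limiter.decide(now, source, qname, qtype, "udp")
        path.append(f"udp:{verdict}")
        if verdict == SEND:
            break
        if verdict == TRUNCATE:
            path.append(f"tcp:{limiter.decide(now, source, qname, qtype, 'tcp')}")
            break
    return path


def simulate():
    """Constructed scenario; all addresses are documentation ranges (RFC 5737)."""
    limiter = ResponseRateLimiter(responses_per_second=5, truncate_every=2)
    # 200 identical UDP queries that all carry the source address 198.51.100.7
    flood = Counter(
        limiter.decide(0.0, "198.51.100.7", "example.com", "TXT")
        for _ in range(200)
    )
    query = ("example.com", "TXT")
    return {
        "flood": dict(flood),
        "same_network_resolver": resolve(limiter, 0.1, "198.51.100.53", *query),
        "other_network_resolver": resolve(limiter, 0.1, "203.0.113.9", *query),
        "same_network_after_pause": resolve(limiter, 2.0, "198.51.100.53", *query),
    }


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

Of the 200 identical responses only 5 leave the server in full; the resolver that shares the /24 with the spoofed address still gets its answer by following the TC response to TCP, and clients in other networks are not affected.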
Miscellaneous news
DHCP: Network Access Protection (NAP) has been removed from DHCPv4 in Windows Server 2016
Containers with Docker: lightweight separation of applications on a single Windows Server 2016 instance (can be used to separate a DNS or DHCP server)
Nano-Server: minimal Windows Server 2016 image without GUI. Can be used to create a lightweight DNS-Server deployment
Software Defined Networking (SDN) and Layer-4 Load-Balancer: load-balance DNS server (for example DNS resolver)
Release Dates
Windows Server 2016 will be released in Q3 2016
Men & Mice Suite 7.3 (September 2016) will support Windows Server 2016
Many of the new features will be supported in the Men & Mice GUI and Web-UI
Upcoming Webinar
June 9th, 2016 - Yeti-DNS
Yeti-DNS - an international research project on the DNS root-server system
Interview with Shane Kerr of BII
How to participate in Yeti-DNS with a DNS resolver
Thank you!
Questions? Comments?
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 
DNSSEC best practices Webinar
DNSSEC best practices WebinarDNSSEC best practices Webinar
DNSSEC best practices Webinar
 
IETF 92 Webinar
IETF 92 WebinarIETF 92 Webinar
IETF 92 Webinar
 
The KNOT DNS Server
The KNOT DNS ServerThe KNOT DNS Server
The KNOT DNS Server
 
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
RIPE 69 & IETF 91 Webinar - DNS-Privacy, IPv6, DANE and DHCP(v6)
 

Recently uploaded

Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
Brian Pichman
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
SAI KAILASH R
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
LINUS PROJECTS (INDIA)
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
313mohammedarshad
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
Steven Carlson
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
digitalxplive
 

Recently uploaded (20)

Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Uncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in LibrariesUncharted Together- Navigating AI's New Frontiers in Libraries
Uncharted Together- Navigating AI's New Frontiers in Libraries
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and DisadvantagesBLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
BLOCKCHAIN TECHNOLOGY - Advantages and Disadvantages
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 
Pigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending PlantPigging Unit Lubricant Oil Blending Plant
Pigging Unit Lubricant Oil Blending Plant
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptxIntroduction-to-the-IAM-Platform-Implementation-Plan.pptx
Introduction-to-the-IAM-Platform-Implementation-Plan.pptx
 
Vulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive OverviewVulnerability Management: A Comprehensive Overview
Vulnerability Management: A Comprehensive Overview
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 

Windows Server 2016 Webinar

  • 1. Windows Server 2016: what is new in DNS (and IPv6 and DHCP)
  • 2. © Men & Mice http://menandmice.com
    Windows Server 2016
      DNS Policies
      Application Load-Distribution with DNS
      IPv6 Root-Hints
      DANE-Records Support
      Support for Unknown DNS Records
      Response-Rate-Limiting
      Other new Features in Windows Server 2016
    The features discussed here are based on the Technical Preview 5 (April 2016)
  • 3. DNS Policies
    DNS policies give fine-grained control over how DNS queries are answered by a DNS server
    • similar to, but more powerful than, BIND 9 views
    • Use-cases
      • access control for DNS resolvers (prevent open resolver)
      • DNS-based load distribution
      • blackholing malicious clients
      • filtering based on DNS domains or query type
      • geo-location-aware DNS answers
      • traffic engineering based on time of day
      • "split-brain" DNS configurations (CAUTION!)
  • 4. DNS Policies
    Every DNS zone can have one or more "ZoneScopes"
    • each ZoneScope can contain different DNS data (e.g. different IP addresses for the same name)
    • the DNS policy defines which ZoneScope is used when a DNS query reaches the DNS server
  • 5. DNS Policy criteria
    Criterion                     Meaning
    Client Subnet                 source address of the query
    Transport Protocol            either UDP or TCP
    Internet Protocol             either IPv4 or IPv6
    Server Interface IP address   the interface on which the query comes in
    Domain name                   an FQDN (wildcards possible)
    Query Type                    the requested DNS record type (A/AAAA/MX/SRV etc.)
    Time of Day                   time when the query is received
  • 6. DNS Policies
    DNS policy criteria can be combined with boolean expressions ("AND", "OR", "NOT")
    Powerful DNS policies are possible … that should be used carefully
  • 7. DNS Policies Demo 1: restricting DNS recursion to subnets
  • 8. DNS Policies Demo 1
      # Show the default recursion scope ("."), then disable recursion in it
      Get-DnsServerRecursionScope -Name .
      Set-DnsServerRecursionScope -Name . -EnableRecursion $False
      # Create a second recursion scope with recursion enabled
      Add-DnsServerRecursionScope -Name "Clients" -EnableRecursion $True
      # Define the client subnet that is allowed to use recursion
      Add-DnsServerClientSubnet -Name "MyNetwork" -IPv4Subnet "172.22.1.0/24"

      # Recursive queries from MyNetwork are handled in the "Clients" scope
      Add-DnsServerQueryResolutionPolicy -Name "ResolverPolicy" `
        -Action ALLOW -ApplyOnRecursion -RecursionScope "Clients" `
        -ClientSubnet "EQ,MyNetwork"
  • 9. DNS Policies Demo 2: application load distribution using DNS
  • 10. DNS Policies Demo 2
      # Create two scopes in the zone and list them
      Add-DnsServerZoneScope -ZoneName example.com -Name "scope1"
      Add-DnsServerZoneScope -ZoneName example.com -Name "scope2"
      Get-DnsServerZoneScope -ZoneName example.com

      # The same name gets a different address in each scope
      Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.10 `
        -ZoneScope "scope1"
      Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.20 `
        -ZoneScope "scope2"
      # Queries arriving on 172.22.1.150 are answered from scope1 and scope2 with weights 4 and 2
      Add-DnsServerQueryResolutionPolicy -Name "Scope1LDPolicy" -ZoneName example.com `
        -ZoneScope "scope1,4;scope2,2" -Action ALLOW -ServerInterfaceIP "EQ,172.22.1.150"

      Get-DnsServerQueryResolutionPolicy -ZoneName example.com
  • 11. IPv6 root hints
    Windows Server 2016 now comes with IPv6 root-hints preconfigured
    • root hints are required for every DNS server to find the start of all DNS resolution
    • Windows Server up to Windows 2012R2 only contain the IPv4 root-hints for the Internet (however it was possible to add the IPv6 root-hints manually)
    • This change makes it possible to run the Windows DNS server in an "IPv6-Only" network
  • 12. DANE TLSA Record support
    Windows Server 2016 adds support for the TLSA Resource Record type
    • TLSA is required for DANE (DNS-based Authentication of Named Entities)
    • "pinning" of TLS/SSL certificates via DNSSEC-secured DNS
    • see our previous webinar "DNSSEC & DANE – E-Mail security reloaded"
      https://www.menandmice.com/resources/educational-resources/webinars/dnssec-and-dane-e-mail-security-reloaded/
  • 13. Demo: TLSA record
  • 14. Demo: TLSA Record
      # Sha256Hash association data is 32 bytes (64 hex digits);
      # the 56-digit value below is reproduced as shown on the slide
      Add-DnsServerResourceRecord -Name _25._tcp `
        -ZoneName example.com -TLSA -CertificateUsage DomainIssuedCertificate `
        -Selector SubjectPublicKeyInfo -MatchingType Sha256Hash `
        -CertificateAssociationData 831B809F32A1A9E8C52A5167A35A979F0719B89D08E9A3302264F99D
  • 15. Support for "Unknown Resource Records"
    With new protocols, new DNS record types are added to DNS
    • URI
    • SMIMEA and OPENPGPKEY
    • TA and TALINK
    • …
    RFC 3597 "Handling of Unknown DNS Resource Record (RR) Types" defines a way to provision a DNS server with resource records unknown to the server software
  • 16. Support for "Unknown Resource Records"
    The DNS server in Windows 2016 now supports these unknown resource records
    • enables DNS admins to support new protocols which were not published at the release time of Windows Server
    • the record data is given in hexadecimal notation
    • the BIND 9 utility "named-rrchecker" can be used to convert the data part of a DNS RR into the hexadecimal format
    Example: definition of an IPv4 address "A" record:
      Add-DnsServerResourceRecord -Name www -ZoneName example.com -Type 1 -RecordData "0A000001"
  • 17. Demo: Unknown RRs
  • 18. Demo: Unknown RRs
    The Uniform Resource Identifier (URI) DNS Resource Record: https://tools.ietf.org/html/rfc7553

      > echo 'IN URI 10 1 "http://www.example.com/path"' | named-rrchecker -u
      CLASS1 TYPE256 # 31 000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468

      PowerShell> Add-DnsServerResourceRecord -Name _http._tcp -ZoneName example.com `
        -Type 256 -RecordData "000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468"
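The hex conversion that the slides delegate to named-rrchecker can be reproduced and checked without BIND. The following is an added example, not code from the webinar: it builds the RDATA for the A and URI records shown above, decodes a URI value again for review, and applies the digest-length check that matters for the TLSA demo. All function names are hypothetical; the TLSA type number 52 and the digest lengths come from the IANA registry and RFC 6698, not from the slides.

```python
import ipaddress
import struct

# RR type numbers; A=1 and URI=256 appear on the slides, TLSA=52 is from the IANA registry.
TYPE_A, TYPE_TLSA, TYPE_URI = 1, 52, 256

# Digest length in bytes per TLSA matching type (RFC 6698): 1 = SHA-256, 2 = SHA-512.
TLSA_DIGEST_LEN = {1: 32, 2: 64}


def a_rdata(address: str) -> bytes:
    """RDATA of an A record: the four address bytes."""
    return ipaddress.IPv4Address(address).packed


def uri_rdata(priority: int, weight: int, target: str) -> bytes:
    """RDATA of a URI record (RFC 7553): 16-bit priority, 16-bit weight, raw target."""
    if not target:
        raise ValueError("URI target must not be empty")
    return struct.pack("!HH", priority, weight) + target.encode("ascii")


def tlsa_rdata(usage: int, selector: int, matching: int, assoc_hex: str) -> bytes:
    """RDATA of a TLSA record (RFC 6698); rejects digests of the wrong length."""
    data = bytes.fromhex(assoc_hex)  # raises ValueError on odd length or non-hex input
    expected = TLSA_DIGEST_LEN.get(matching)
    if expected is not None and len(data) != expected:
        raise ValueError(f"matching type {matching} needs {expected} bytes, got {len(data)}")
    return bytes([usage, selector, matching]) + data


def record_data_hex(rdata: bytes) -> str:
    """Hex string in the form passed to -RecordData on the slides."""
    if len(rdata) > 0xFFFF:
        raise ValueError("RDATA is limited to 65535 bytes")
    return rdata.hex()


def rfc3597_text(rrtype: int, rdata: bytes, rrclass: int = 1) -> str:
    """Generic presentation format of RFC 3597: CLASSn TYPEn \\# length hex."""
    return f"CLASS{rrclass} TYPE{rrtype} \\# {len(rdata)} {record_data_hex(rdata)}"


def parse_uri_rdata(hex_data: str) -> tuple:
    """Decode URI RDATA again, to review a -RecordData value before deploying it."""
    raw = bytes.fromhex(hex_data)
    if len(raw) < 5:
        raise ValueError("URI RDATA needs priority, weight and a non-empty target")
    priority, weight = struct.unpack("!HH", raw[:4])
    return priority, weight, raw[4:].decode("ascii")


if __name__ == "__main__":
    uri = uri_rdata(10, 1, "http://www.example.com/path")
    print(rfc3597_text(TYPE_URI, uri))
    print(record_data_hex(a_rdata("10.0.0.1")).upper())
    print(parse_uri_rdata(record_data_hex(uri)))
    try:
        # usage 3, selector 1, matching type 1 with the 28-byte value from the TLSA slide
        tlsa_rdata(3, 1, 1, "831B809F32A1A9E8C52A5167A35A979F0719B89D08E9A3302264F99D")
    except ValueError as err:
        print("TLSA rejected:", err)
```

Decoding a value before it is loaded matters because a server that treats the type as unknown stores the hex string without interpreting it, so a malformed record only shows up when a client tries to use it.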
  • 19. Response Rate Limiting
    DNS responses from DNS servers in the Internet (authoritative or DNS resolver) can be misused for denial-of-service attacks
    • a problem for a long time, but has been especially popular with attackers in the last five years
    • for additional coverage on this topic, watch our webinar "The dangers of DNS reflection attacks"
      https://www.menandmice.com/resources/educational-resources/webinars/the-dangers-of-dns-reflection-attacks/
  • 20. What is the problem
    • DNS is UDP "stateless" communication
    • source IP addresses can be spoofed
    Diagram labels: some DNS server in the Internet; source IP address "spoofed"; the answer is delivered to the owner of the "spoofed" IP address
  • 21. What is the problem
    There are many, many DNS servers to be found in the Internet
  • 22. One Solution: Response Rate Limiting (RRL)
    • RRL was developed by Vernon Schryver and Paul Vixie and implemented in BIND 9, NSD, Knot and PowerDNS. It is now also available in Windows Server 2016.
    • as all DNS queries should go through a caching server, identical queries should not be seen from the same source inside the TTL (Time to Live)
    • if the DNS server sees (many) recurring queries within the TTL, it is likely an attack
  • 23. One Solution: Response Rate Limiting (RRL)
    • response rate limiting counts the number of identical responses sent to a given network
    • it throttles outgoing responses if too many identical responses are sent
    • this allows legitimate clients in the victim's network to still resolve DNS data
  • 24. One Solution: Response Rate Limiting (RRL)
    • in case an attack is detected, (almost) empty answers are sent with the "TC" flag set
    • "TC" flag = answer truncated, retry over TCP
    • a real caching DNS server will repeat the query over TCP (slower, but harder to spoof)
  • 25. One Solution: Response Rate Limiting (RRL)
    • RRL enabled on an authoritative server
  • 26. Demo: RRL
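The counting and truncation behaviour described on the RRL slides can be followed in a small model. This is an added example, not code from the webinar and not the Windows Server or BIND implementation: it uses a simplified fixed-window counter per client network and response, the class and parameter names are hypothetical, and the traffic is constructed.

```python
import ipaddress
from collections import Counter


class ResponseRateLimiter:
    """Simplified fixed-window model of RRL; all parameter names are hypothetical."""

    def __init__(self, responses_per_sec=5, window_sec=1, v4_prefix=24, v6_prefix=56, tc_every=2):
        self.limit = responses_per_sec * window_sec
        self.window_sec = window_sec
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.tc_every = tc_every      # every n-th throttled response is sent with TC set
        self.state = {}               # (network, qname, qtype) -> [window number, count]

    def decide(self, now, client_ip, qname, qtype, transport="udp"):
        """Return 'answer', 'truncate' (TC flag set) or 'drop' for one response."""
        if transport == "tcp":
            return "answer"           # a completed TCP handshake is hard to spoof
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{self.prefix[ip.version]}", strict=False)
        key = (net, qname.lower().rstrip("."), qtype.upper())
        window = int(now // self.window_sec)
        entry = self.state.get(key)
        if entry is None or entry[0] != window:
            entry = self.state[key] = [window, 0]   # new window: counter starts again
        entry[1] += 1
        if entry[1] <= self.limit:
            return "answer"
        over = entry[1] - self.limit
        return "truncate" if self.tc_every and over % self.tc_every == 0 else "drop"


def simulate():
    """Constructed traffic: 200 identical queries with sources in one /24, plus real resolvers."""
    rrl = ResponseRateLimiter()
    flood = Counter(
        rrl.decide(i * 0.005, f"198.51.100.{i % 250 + 1}", "example.com.", "TXT")
        for i in range(200)
    )
    results = {"flood": dict(flood)}
    # A resolver in the same /24 asking for a different name is not affected.
    results["other_name"] = rrl.decide(0.999, "198.51.100.53", "www.example.com", "A")
    # Asking for the flooded name it is throttled, then retries over TCP.
    results["same_name_udp"] = rrl.decide(0.9995, "198.51.100.53", "example.com", "TXT")
    results["same_name_tcp"] = rrl.decide(0.9996, "198.51.100.53", "example.com", "TXT", "tcp")
    # A different client network has its own counter.
    results["other_network"] = rrl.decide(0.9997, "203.0.113.7", "example.com", "TXT")
    # The next window starts with a fresh counter.
    results["next_window"] = rrl.decide(1.2, "198.51.100.53", "example.com", "TXT")
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name:15} {outcome}")
```

Only 5 of the 200 flood responses go out in full; the truncated ones carry almost no payload, so the amplification towards the spoofed network is removed while a real resolver there can still recover over TCP.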
  • 27. Miscellaneous news
    • DHCP: Network Access Protection (NAP) has been removed from DHCPv4 in Windows Server 2016
    • Containers with Docker: lightweight separation of applications on a single Windows Server 2016 instance (can be used to separate a DNS or DHCP server)
    • Nano-Server: minimal Windows Server 2016 image without GUI. Can be used to create a lightweight DNS server deployment
    • Software Defined Networking (SDN) and Layer-4 Load-Balancer: load-balance DNS servers (for example DNS resolvers)
  • 28. Release Dates
    Windows Server 2016 will be released in Q3 2016
    Men & Mice Suite 7.3 (September 2016) will support Windows Server 2016
    Many of the new features will be supported in the Men & Mice GUI and Web-UI
  • 29. Upcoming Webinar
    June 9th, 2016 - Yeti-DNS
    • Yeti-DNS - an international research project on the DNS root-server system
    • Interview with Shane Kerr of BII
    • How to participate in Yeti-DNS with a DNS resolver
  • 30. Thank you! Questions? Comments?